Comments (5)
The custom-fields section is for adding fields that the UI will show but are added to the session some other way. I will update the doc to make that clear.
Anyway, you would need to either modify capture or write a plugin if you want to collect new data from packets. Or open a feature request.
With ip.ttl specifically we've never added it because no one has provided a good description of how they want to use the data and what to do with multiple values. Let's pretend you have 100 packets in a session and each packet has a different ttl. Would you want to see all 100 values? If so, why?
from arkime.
> With ip.ttl specifically we've never added it because no one has provided a good description of how they want to use the data and what to do with multiple values.

Mostly the same as with TCP flags: a grouped view by value.
Unless there is a route rebuild, TTL usually does not differ much.

> Anyway, you would need to either modify capture or write a plugin if you want to collect new data from packets. Or open a feature request.

In our case capture is a direct interface or TZSP replay (so an interface again). I am fine with a plugin or config.
The issue is that I did not find info on how to add data at all levels (actually we need the same for TCP MSS).
Some values may result in spoofing detection or strange behaviour.
So I would be very obliged if you made a guide on how to add a field at all levels (from capture to interface).
from arkime.
> With ip.ttl specifically we've never added it because no one has provided a good description of how they want to use the data and what to do with multiple values.
> Mostly the same as with TCP flags: a grouped view by value. Unless there is a route rebuild, TTL usually does not differ much.

Not sure what you mean, can you provide an example?

> Anyway, you would need to either modify capture or write a plugin if you want to collect new data from packets. Or open a feature request.
> In our case capture is a direct interface or TZSP replay (so an interface again). I am fine with a plugin or config. The issue is that I did not find info on how to add data at all levels (actually we need the same for TCP MSS).

You can't do it with just config, you will need to modify capture or write a plugin.
Since this is at the packet level you'll need to modify arkime.h and packet.c to start with.
from arkime.
> Not sure what you mean, can you provide an example?
> You can't do it with just config, you will need to modify capture or write a plugin.

I am fine with both options.

> Since this is at the packet level you'll need to modify arkime.h and packet.c to start with.

These are root Arkime files, so it will mean a fork. Is it possible to do this with just a plugin? Or a parser-plugin? (If possible, I want to stay without a patch to Arkime itself.)
from arkime.
Ok, so you want a list of unique values and a count of each of those values.
Currently we have no easy way to do that.
> These are root Arkime files, so it will mean a fork. Is it possible to do this with just a plugin? Or a parser-plugin? (If possible, I want to stay without a patch to Arkime itself.)

You would do a PR and submit it back to the project, you wouldn't have to maintain a fork. To do a plugin you could use arkime_plugins_set_cb and set an ipFunc.
from arkime.
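The per-session summary this thread converges on (unique TTL values with a count of each, rather than all 100 raw values), as an added example that is not part of the thread and not Arkime code. It is standalone C that does not use the Arkime plugin API; `ttl_stats_t`, `ttl_stats_add`, `ttl_stats_unique` and `ttl_demo` are hypothetical names, and the packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One summary per session direction (assumption: the thread does not say
 * how directions would be handled). 256 counters cover every 8-bit TTL. */
typedef struct { uint32_t count[256]; uint32_t packets; } ttl_stats_t;

/* Record one IPv4 packet's TTL. Returns 0, or -1 if the buffer is not a
 * plausible IPv4 header (too short, wrong version, IHL out of range). */
int ttl_stats_add(ttl_stats_t *s, const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len) return -1;
    s->count[pkt[8]]++;               /* TTL is byte 8 of the IPv4 header */
    s->packets++;
    return 0;
}

/* Copy the unique TTLs (ascending) and their counts; returns how many. */
int ttl_stats_unique(const ttl_stats_t *s, uint8_t *ttl, uint32_t *cnt, int max) {
    int n = 0;
    for (int v = 0; v < 256 && n < max; v++)
        if (s->count[v]) { ttl[n] = (uint8_t)v; cnt[n] = s->count[v]; n++; }
    return n;
}

/* Constructed sample: 100 minimal IPv4 headers, 97 with TTL 64, 3 with 128. */
int ttl_demo(uint8_t *ttl, uint32_t *cnt, int max) {
    ttl_stats_t s;
    memset(&s, 0, sizeof s);
    for (int i = 0; i < 100; i++) {
        uint8_t pkt[20] = {0x45};     /* version 4, IHL 5, rest zero */
        pkt[8] = (i % 33 == 32) ? 128 : 64;
        ttl_stats_add(&s, pkt, sizeof pkt);
    }
    return ttl_stats_unique(&s, ttl, cnt, max);
}

int main(void) {
    uint8_t ttl[256]; uint32_t cnt[256];
    int n = ttl_demo(ttl, cnt, 256);
    for (int i = 0; i < n; i++)
        printf("ttl=%u packets=%u\n", (unsigned)ttl[i], (unsigned)cnt[i]);
    return 0;
}
```

A 100-packet session collapses to two rows here, and the minority value is the one an analyst would look at first.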